2.2 Disable/Modify Default Accts - 'alternate admin account has been created (snmp)'

Information

Data ONTAP 7G supports SNMP versions 1c, 2, and 3 (AuthNoPriv). SNMP versions 1c/2 are exposed to many attacks because a community string is the only control on access to the queried information. It is best to use only SNMPv3 to protect access to the information provided by the OIDs. If you cannot use SNMPv3, at a minimum delete the default community string and replace it with one that is not in the dictionary. The new community string should also contain special characters. This reduces the likelihood that an attacker guesses the SNMPv1c/2 community string with a dictionary attack.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Create a role, group, and user with login-snmp capability

See Also

http://media.netapp.com/documents/tr-3649.pdf

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2

Plugin: NetApp

Control ID: f6e7ae10c5f3f0fec0f3df53e268265d8dacb394a09e57c678e0772ba7ae2054